DSA-2022-035: Dell Wyse Device Agent Security Update for Multiple Vulnerabilities
摘要: Dell Wyse Device Agent remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
影响
Medium
详情
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-23156 | Wyse Device Agent version 14.6.1.4 and below contains an Improper Authentication vulnerability. A malicious user may potentially exploit this vulnerability by providing invalid input to obtain a connection to WMS server. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-23158 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with admin privilege may potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-23157 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user may potentially exploit this vulnerability to view sensitive information from the WMS Server | 4.4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-23156 | Wyse Device Agent version 14.6.1.4 and below contains an Improper Authentication vulnerability. A malicious user may potentially exploit this vulnerability by providing invalid input to obtain a connection to WMS server. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-23158 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with admin privilege may potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-23157 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user may potentially exploit this vulnerability to view sensitive information from the WMS Server | 4.4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
受影响的产品和补救措施
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Wyse Device Agent | 14.6.1.4 and earlier | 14.6.2.13 | Dell Wyse Device Agent |
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Wyse Device Agent | 14.6.1.4 and earlier | 14.6.2.13 | Dell Wyse Device Agent |
修订历史记录
| Revision | Date | Description |
| 1.0 | 2022-2-17 | Initial Release |
相关信息
法律免责声明
受影响的产品
Product Security Information, Wyse Management Suite文章属性
文章编号: 000196005
文章类型: Dell Security Advisory
上次修改时间: 17 2月 2022
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。